
Bug#943594: buster-pu: package libapache-mod-auth-kerb/5.4-2.4~deb10u1



Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

This brings the fix for a use after free crash to buster.
Since there were no other changes between buster and bullseye,
I elected to just add a "backport to buster" changelog.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
diff -u libapache-mod-auth-kerb-5.4/debian/changelog libapache-mod-auth-kerb-5.4/debian/changelog
--- libapache-mod-auth-kerb-5.4/debian/changelog
+++ libapache-mod-auth-kerb-5.4/debian/changelog
@@ -1,3 +1,16 @@
+libapache-mod-auth-kerb (5.4-2.4~deb10u1) buster; urgency=medium
+
+  * Rebuild for buster
+
+ -- Paul Wise <pabs@debian.org>  Sun, 27 Oct 2019 13:58:04 +0800
+
+libapache-mod-auth-kerb (5.4-2.4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply patch from upstream issue tracker to fix crash (Closes: #934043)
+
+ -- Paul Wise <pabs@debian.org>  Mon, 21 Oct 2019 11:15:20 +0800
+
 libapache-mod-auth-kerb (5.4-2.3) unstable; urgency=medium
 
   * Don't apply the delegation patch, it can break gssapi auth. (Closes:
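Review bot: the 5.4-2.4~deb10u1 entry says only "Rebuild for buster", so a reader of the stable changelog cannot tell that this upload carries a memory-safety fix. Consider naming the change there, and in the 5.4-2.4 entry replacing "fix crash" with the wording from the patch header ("fix use after free in authenticate_user_krb5pwd()"), so the changelog and the patch Description agree.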
diff -u libapache-mod-auth-kerb-5.4/debian/patches/series libapache-mod-auth-kerb-5.4/debian/patches/series
--- libapache-mod-auth-kerb-5.4/debian/patches/series
+++ libapache-mod-auth-kerb-5.4/debian/patches/series
@@ -10,0 +11 @@
+mod_auth_kerb-krb5_kt_close.patch
only in patch2:
unchanged:
--- libapache-mod-auth-kerb-5.4.orig/debian/patches/mod_auth_kerb-krb5_kt_close.patch
+++ libapache-mod-auth-kerb-5.4/debian/patches/mod_auth_kerb-krb5_kt_close.patch
@@ -0,0 +1,20 @@
+Description: fix use after free in authenticate_user_krb5pwd()
+Origin: https://sourceforge.net/p/modauthkerb/bugs/61/attachment/mod_auth_kerb-krb5_kt_close.patch
+Bug: https://sourceforge.net/p/modauthkerb/bugs/61/
+Bug-Debian: https://bugs.debian.org/934043
+Author: Johan Ymerson (https://sourceforge.net/u/ymerson/)
+diff -ruN mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c mod_auth_kerb-5.4/src/mod_auth_kerb.c
+--- mod_auth_kerb-5.4.orig/src/mod_auth_kerb.c	2018-12-12 16:59:43.762013269 +0100
++++ mod_auth_kerb-5.4/src/mod_auth_kerb.c	2018-12-12 16:59:59.151945123 +0100
+@@ -799,11 +799,9 @@
+ 	            "failed to verify krb5 credentials: %s",
+ 		          krb5_get_err_text(context, ret));
+          krb5_kt_end_seq_get(context, keytab, &cursor);
+-         krb5_kt_close(context, keytab);
+          goto end;
+        }
+        krb5_kt_end_seq_get(context, keytab, &cursor);
+-       krb5_kt_close(context, keytab);
+      }
+      else {
+        if ((ret = verify_krb5_init_creds(r, context, &creds, server, keytab))) {
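Review bot: with both krb5_kt_close(context, keytab) calls dropped in the @@ -799 hunk, nothing in the visible context shows where keytab is released afterwards, so please confirm that the code at the end: label closes it exactly once on both the "goto end" path and the fall-through path. If it does not, the use after free is traded for a keytab handle leak on every password authentication. The patch header would also benefit from one sentence saying which later use of keytab the early close broke, since the Description names only the function.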
